Bitdefender blocking wscript.exe potentially malicious actions every 5 minutes on Windows 10
I'm getting these critical notifications every 5 minutes non-stop on Windows 10.
Application wscript.exe has been detected as potentially malicious and was blocked. Application path: C:\Windows\System32\wscript.exe Command line parameters: wscript.exe C:\Users\nicom\AppData\Roaming\h.vbs C:\Users\nicom\AppData\Roaming\2.bat //B Detection ID: ML:SuspiciousBehavior.E0BEB843199F21
Does anybody know if it could be harmful and what to do about it?
Thanks in advance!
Comments
-
I had the exact same same issue as your. I think it's highly lightly that it's a false positive as it's signed certifcate. In any case I ran pretty much every antivirus product I could get my hands on and none of them picked it up as a threat. Hopefully that may put your mind at ease.
1 -
Hey anon, thanks for your response!
I thought about it being a false positive, but what's weird is that I have the same Bitdefender version on both my PC and laptop, both with the same version of Windows 10, and the issue is only happening on the PC. They have different programs installed of course, but I'd at least like to be able to trace it back to a source!
0 -
I've apparently found a solution!
I went to the path where I previously tried to find the "h.vbs" file that was causing the issue (C:\Users\myuser\AppData\Roaming) and managed to display it by checking the following option in the view settings:
I've deleted it and the Bitdefender notifications have since stopped.
Just to be sure it wasn't a false positive from an important Windows file, I checked my other PC, with the same Windows version and Bitdefender version installed, and didn't find the file there.
Here's a document that defines the file as malicious, although it's in a different (but similar) location:
Content of h.vbs, in case I ever need to restore it:
If WScript.Arguments.Count >= 1 Then
ReDim arr(WScript.Arguments.Count-1)
For i = 0 To WScript.Arguments.Count-1
Arg = WScript.Arguments(i)
If InStr(Arg, " ") > 0 Then Arg = """" & Arg & """"
arr(i) = Arg
Next
RunCmd = Join(arr)
CreateObject("Wscript.Shell").Run RunCmd, 0, True
End If
Good luck and thanks for your insights!
Nicolas
1